Six (6) Steps to address Zero-Day Exploits on Exchange Servers

Four (4) zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited by Hafnium, a group Microsoft assesses to be state-sponsored and operating out of China, which typically targets US entities with the goal of exfiltrating data. The four vulnerabilities, as described by Microsoft, are:
  • CVE-2021-26855 – Server-side request forgery (SSRF) in the Exchange front end. An unauthenticated attacker who can reach the server on port 443 can send arbitrary HTTP requests and authenticate to the back end as the Exchange server itself.
  • CVE-2021-26857 – Insecure deserialization in the Unified Messaging service that allows arbitrary code execution as SYSTEM. It requires administrator rights or another vulnerability (such as CVE-2021-26855) to reach.
  • CVE-2021-26858 – Post-authentication arbitrary file write: once authenticated (via CVE-2021-26855 or stolen administrator credentials), an attacker can write a file to any path on the server.
  • CVE-2021-27065 – A second post-authentication arbitrary file write, exploited in the same way as CVE-2021-26858.
If left unpatched, these vulnerabilities can be chained into an attack that leads to RCE (remote code execution): the SSRF gives the attacker the Exchange server's identity, and the file-write bugs are then used to drop web shells (ASPX files) into the Exchange web directories. That gives persistent back-door access, theft of mailbox data and credentials, and a foothold for deploying further malware. According to various press estimates, 30,000-60,000 organizations have been hacked and some 18,000 servers worldwide have been affected. Microsoft Security Intelligence has identified ransomware called DearCry that is being deployed on already-compromised Exchange servers to cause further havoc.
Six (6) Steps to address Zero-Day Exploits on Exchange Servers: It is important for any organization running on-premises Exchange server(s) to address this serious cybersecurity issue using the following steps:
  1. Apply Exchange Updates – Microsoft's security update requires a supported Cumulative Update (CU) for Exchange 2013, 2016 and 2019, or the current Rollup Update (RU) for Exchange 2010, so bring the server to a supported CU/RU first. Which update you need depends on whether you are running Exchange Server 2010, 2013, 2016, or 2019. Microsoft has also published security updates for some older CUs as a stop-gap; the server should still be brought to a supported CU afterwards. For more information, visit Microsoft Tech Community and Exchange Security Update for Older Cumulative Updates of Exchange Server.
  2. Scan your System to Determine Compromise – Test-ProxyLogon.ps1, published by Microsoft on GitHub, scans the Exchange HttpProxy, OAB generator and ECP logs and the Application event log for the published indicators of exploitation. A hit means the server was at least probed and very likely exploited: treat it as compromised, preserve the logs, and notify all stakeholders immediately. A clean result is not proof of safety; these logs rotate, and attackers delete them.
  3. Apply Security Patch – Install Microsoft's security update for your CU to close these vulnerabilities. If you cannot patch immediately, run the newly released Exchange On-Premises Mitigation Tool (EOMT.ps1) from Microsoft: it applies an IIS URL Rewrite rule that blocks the CVE-2021-26855 request pattern, and it downloads and runs Microsoft Safety Scanner to look for known web shells and back-doors. EOMT is a mitigation plus a scan, not a patch, so the security update must still be installed; its scan covers much of step 2, but it does not replace the log review if you suspect a compromise. Do not use the previously released ExchangeMitigations.ps1 script; EOMT supersedes it and is the script Microsoft recommends.
  4. Change Existing AD Passwords – If compromise is confirmed or even suspected, rotate all Active Directory administrator and service-account passwords. Exchange runs as SYSTEM and holds highly privileged rights in AD, so assume an attacker with a web shell on the server has harvested credentials. If domain compromise is suspected, also reset the krbtgt account password twice.
  5. Scan Exchange Server – This is done using Microsoft Safety Scanner (MSERT). Although EOMT downloads and runs this tool automatically in step 3, we recommend running it regularly. It only detects and removes known web shell and malware signatures, and it is not a substitute for antivirus software on the server.
  6. Deploy and Update EDR Tool – Going through the first five steps only closes the vulnerabilities; it is not a guarantee that an existing back-door or implant has been removed. Therefore, we recommend an EDR (endpoint detection and response) tool like Barracuda/AVAST, deployed and kept updated on the Exchange servers as well as on people's computers, as an insurance policy of sorts.
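The log review in step 2 and the web shell hunt in steps 3 and 5, as an added example that is not Microsoft's Test-ProxyLogon.ps1 or EOMT.ps1 and is not part of the original post. It checks the indicators Microsoft published for each of the four CVEs, plus recently written .aspx files in the directories where web shells were dropped. The default paths assume a standard Exchange 2013/2016/2019 install and IIS web root; the -Since cutoff date is an assumption you should tune. Run it from an elevated PowerShell on the server, or point the path parameters at a copied log and web-root tree for offline analysis.

```powershell
# Added example (not Microsoft's Test-ProxyLogon.ps1 or EOMT.ps1): an offline hunt for
# the published ProxyLogon indicators. Returns one object per hit; an empty result is
# not proof of safety, since HttpProxy logs rotate and attackers delete them.
function Find-ProxyLogonIndicators {
    [CmdletBinding()]
    param(
        # Assumption: default install root; V15 covers Exchange 2013, 2016 and 2019.
        [string]$ExchangePath = "$env:ProgramFiles\Microsoft\Exchange Server\V15",
        # Assumption: default IIS web root, where dropped web shells were observed.
        [string]$InetpubPath = "$env:SystemDrive\inetpub\wwwroot",
        # Assumption: only .aspx files written on or after this date are reported.
        [datetime]$Since = [datetime]'2021-01-01'
    )

    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding([string]$Cve, [string]$Source, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Cve = $Cve; Source = $Source; Detail = $Detail })
    }

    # CVE-2021-26855 (SSRF): an unauthenticated front-end request whose AnchorMailbox
    # selects a back end with 'ServerInfo~<host>/...' is the published indicator.
    $httpProxy = Join-Path $ExchangePath 'Logging\HttpProxy'
    foreach ($log in Get-ChildItem -Path $httpProxy -Filter '*.log' -Recurse -File -ErrorAction SilentlyContinue) {
        $lines  = Get-Content -Path $log.FullName
        $fields = $lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
        $data   = $lines | Where-Object { $_ -and $_ -notlike '#*' }
        # Exchange CSV logs either start with a plain header row or carry a '#Fields:' line.
        if ($fields) {
            $header = ($fields -replace '^#Fields:\s*', '').Split(',')
            $rows = $data | ConvertFrom-Csv -Header $header
        } else {
            $rows = $data | ConvertFrom-Csv
        }
        foreach ($r in $rows) {
            if ($r.AnchorMailbox -like 'ServerInfo~*/*' -and [string]::IsNullOrEmpty($r.AuthenticatedUser)) {
                Add-Finding 'CVE-2021-26855' $log.FullName "$($r.DateTime) $($r.ClientIpAddress) $($r.UrlStem) AnchorMailbox=$($r.AnchorMailbox)"
            }
        }
    }

    # CVE-2021-26857 (Unified Messaging deserialization): UM service errors that
    # mention System.InvalidCastException.
    $umEvents = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MSExchange Unified Messaging'; Level = 2 } -ErrorAction SilentlyContinue
    foreach ($e in ($umEvents | Where-Object { $_.Message -like '*System.InvalidCastException*' })) {
        Add-Finding 'CVE-2021-26857' 'Application event log' "$($e.TimeCreated) EventId=$($e.Id)"
    }

    # CVE-2021-26858 (OAB arbitrary file write): the OAB generator logs the failed write.
    $oab = Join-Path $ExchangePath 'Logging\OABGeneratorLog\*.log'
    foreach ($m in Select-String -Path $oab -Pattern 'Download failed and temporary file' -ErrorAction SilentlyContinue) {
        Add-Finding 'CVE-2021-26858' $m.Path $m.Line.Trim()
    }

    # CVE-2021-27065 (ECP arbitrary file write): Set-*VirtualDirectory calls in the ECP
    # server logs were abused to write a web shell through a virtual directory property.
    $ecp = Join-Path $ExchangePath 'Logging\ECP\Server\*.log'
    foreach ($m in Select-String -Path $ecp -Pattern 'Set-.+VirtualDirectory' -ErrorAction SilentlyContinue) {
        Add-Finding 'CVE-2021-27065' $m.Path $m.Line.Trim()
    }

    # Web shells: .aspx files written after $Since in the directories where they were dropped.
    # Legitimate .aspx pages live in owa\auth too, so the date filter matters; review hits by hand.
    $shellDirs = @(
        (Join-Path $ExchangePath 'FrontEnd\HttpProxy\owa\auth'),
        (Join-Path $ExchangePath 'FrontEnd\HttpProxy\ecp\auth'),
        (Join-Path $InetpubPath 'aspnet_client')
    )
    foreach ($dir in $shellDirs) {
        Get-ChildItem -Path $dir -Filter '*.aspx' -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $Since -or $_.CreationTime -ge $Since } |
            ForEach-Object { Add-Finding 'WebShell?' $_.FullName "written $($_.LastWriteTime)" }
    }

    return $findings
}

# Usage, as administrator on the Exchange server or against a copied evidence tree:
# Find-ProxyLogonIndicators | Format-Table -AutoSize
# Find-ProxyLogonIndicators -ExchangePath 'D:\Evidence\V15' -InetpubPath 'D:\Evidence\wwwroot' -Since '2021-02-01'
```

Any CVE-2021-26855 hit from an unauthenticated source, or any .aspx file in those directories that you did not put there, should be treated as a confirmed compromise and handed to incident response with the logs preserved; do not rely on this script, Test-ProxyLogon.ps1, or MSERT to prove a server clean.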
Published by ddadmin